
More than 5 years have passed since last update.

[ACM] SSL証明書発行時のドメイン認証メールをSESで受け取ってみた のTerraform


元ネタ:[ACM] SSL証明書発行時のドメイン認証メールをSESで受け取ってみた

意外と設定項目多いしメンドかったので書いとく

  • providerは適当に定義
  • example.comになってるところを適当に良い感じに設定
# SES domain identity for the domain that will receive mail. It is created
# through the aliased provider (aws.oregon in this example), i.e. in the
# region where the SES receipt rules below are defined.
resource "aws_ses_domain_identity" "mail" {
  provider = "aws.oregon"

  domain = "example.com"
}

# TXT record that proves ownership of the domain to SES. The record value is
# the verification token exported by the domain identity above.
resource "aws_route53_record" "mail_amazonses_verification_record" {
  zone_id = "zone_id of example.com"
  type    = "TXT"
  name    = "_amazonses.example.com"
  ttl     = "600"

  records = ["${aws_ses_domain_identity.mail.verification_token}"]
}

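# MX record that routes inbound mail for the domain to the SES receiving
# endpoint.
#
# NOTE(review): this is the MX for the zone apex, so every message addressed
# to @example.com is delivered to SES once it is applied. If the domain
# already receives mail elsewhere, confirm that this is intended first.
resource "aws_route53_record" "mail_amazonses_inbound_mx" {
  # Placeholder: replace with the hosted zone id of example.com.
  zone_id = "zone_id of example.com"
  name    = "example.com"
  type    = "MX"
  ttl     = "600"

  # The inbound endpoint differs per region; see the page below for the list
  # (this example uses Oregon, us-west-2).
  # http://docs.aws.amazon.com/ja_jp/ses/latest/DeveloperGuide/regions.html
  records = ["10 inbound-smtp.us-west-2.amazonaws.com"]
}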

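# Bucket that stores every message accepted by the receipt rule.
#
# The stored mail includes the ACM domain-validation messages, whose approval
# links allow certificate issuance for the domain. Read access to this bucket
# should therefore be limited to the people who are allowed to approve
# certificates. Consider also enabling default encryption and blocking public
# access, if the provider version in use supports it.
resource "aws_s3_bucket" "mailbox" {
  # Placeholder: bucket names are global, so pick a unique name.
  bucket = "mailbox"
}

resource "aws_s3_bucket_policy" "mailbox" {
  bucket = "${aws_s3_bucket.mailbox.id}"
  policy = "${data.aws_iam_policy_document.mailbox.json}"
}

# Account that owns the SES receipt rules. It is read through the same aliased
# provider as the SES resources so that the condition below names the right
# account even when the default provider points elsewhere.
data "aws_caller_identity" "mailbox_ses_account" {
  provider = "aws.oregon"
}

# Lets the SES service write received mail into the bucket.
data "aws_iam_policy_document" "mailbox" {
  statement {
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["ses.amazonaws.com"]
    }

    actions = [
      "s3:PutObject",
    ]

    resources = ["${aws_s3_bucket.mailbox.arn}/*"]

    # The principal is the SES service itself, which acts for every AWS
    # account. Without a condition, a receipt rule in any other account could
    # name this bucket and write objects into it (confused deputy). Only
    # requests made on behalf of our own account are allowed.
    # It can be narrowed further with aws:SourceArn set to the receipt rule ARN.
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = ["${data.aws_caller_identity.mailbox_ses_account.account_id}"]
    }
  }
}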

# Activates the rule set defined in this file.
#
# NOTE(review): SES has a single active receipt rule set per region, so this
# replaces whichever rule set is currently active in the provider's region.
# Check for an existing one before applying.
resource "aws_ses_active_receipt_rule_set" "mail" {
  provider = "aws.oregon"

  rule_set_name = "${aws_ses_receipt_rule_set.mail.rule_set_name}"
}

# Container for the receipt rules. It is referenced both by the rule that
# stores mail in S3 and by the resource that marks the set as active.
resource "aws_ses_receipt_rule_set" "mail" {
  provider = "aws.oregon"

  rule_set_name = "primary-rules"
}

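# Receipt rule that stores every message for the domain in the mailbox bucket.
resource "aws_ses_receipt_rule" "store" {
  name          = "store-s3"
  rule_set_name = "${aws_ses_receipt_rule_set.mail.rule_set_name}"

  # A bare domain matches every address at that domain. If only the ACM
  # validation mail is wanted, this can be narrowed to the specific addresses
  # ACM sends to (admin@, administrator@, hostmaster@, postmaster@,
  # webmaster@).
  recipients = ["example.com"]

  enabled = true

  # Have SES scan incoming mail for spam and viruses.
  scan_enabled = true

  # tls_policy is not set here, so mail sent without TLS is presumably still
  # accepted; set it to "Require" if plaintext delivery should be rejected.

  s3_action {
    bucket_name = "${aws_s3_bucket.mailbox.id}"
    position    = 1
  }

  # SES checks that it can write to the bucket when the rule is created, and
  # s3_action only references the bucket, not its policy. Without an explicit
  # dependency the rule can be created before the bucket policy exists, and
  # the apply then fails.
  depends_on = ["aws_s3_bucket_policy.mailbox"]

  provider = "aws.oregon"
}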